Terraform-provider-aws: AWS Site-to-Site VPN Adds Configurability of Security Algorithms and Timer Settings for VPN Tunnels

Community Note

• Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
• Please do not leave "+1" or "me too" comments, they generate extra noise for issue followers and do not help prioritize the request
• If you are interested in working on this issue or have submitted a pull request, please leave a comment

Description

While creating VPN connections, you can now specify the security algorithms allowed for your tunnels and the timer settings proposed during negotiation by tunnel endpoints on the AWS side.

New or Affected Resource(s)

• aws_vpn_connection

Potential Terraform Configuration

resource "aws_vpn_connection" "main" {
  vpn_gateway_id      = "${aws_vpn_gateway.vpn_gateway.id}"
  customer_gateway_id = "${aws_customer_gateway.customer_gateway.id}"
  type                = "ipsec.1"
  static_routes_only  = true

  tunnel1_dpd_timeout_seconds = 30
  tunnel1_ike_versions        = ["ikev1"]

  tunnel1_phase_1_dh_group_numbers      = [14]
  tunnel1_phase_1_encryption_algorithms = ["AES256"]
  tunnel1_phase_1_integrity_algorithms  = ["SHA2-256"]
  tunnel1_phase_1_lifetime_seconds      = 28000

  tunnel1_phase_2_dh_group_numbers      = [14]
  tunnel1_phase_2_encryption_algorithms = ["AES256"]
  tunnel1_phase_2_integrity_algorithms  = ["SHA2-256"]
  tunnel1_phase_2_lifetime_seconds      = 28000
}

References

Requires:

• #10011